2013-07-29

Sniffing and analysing communication protocol

I decided to put online my RTL2832U reverse-engineering / hacking scripts. I get quite often questions how to sniff USB, analyse data and generate some driver code to test. I hope this example helps. Fortunately RTL2832U USB protocol is also very simple, which is easy to read and understand even with very limited existing knowledge.

I like to use native Windows XP and SniffUSB 2.0 to took USB captures. There is multiple USB sniffers available, both software and hardware. Feel free to select one you like, but be aware that these scripts only work for SniffUSB logging format. Making log format conversion scripts should be quite trivial though.

Step-by-step

Take sniff using SniffUSB (outputs file UsbSnoop.log). Just tune to working TV channel, one sec is enough, log file size increases very rapidly when picture is streaming.

Use parser.pl to convert SniffUSB log (UsbSnoop.log) more human readable form. (History: In my understanding parser.pl was a part of USBreplay toolkit.)

./parser.pl UsbSnoop.log > UsbSnoop.ts

Lets remove video data as we are not interested of it. It is only control data what we like to get.

rtl2832u.py could currently extract all registers from rtl2832u devices that has tuner e4000, fc2580, fc0013, tua9001 or r820t. There is few more RF tuners used with rtl2832u and in case of unknown tuner it could still dump out rtl2832u itself registers. Generated code could be copy & pasted directly to the Linux drivers in question and make some tests.

Bug hunting

I have found that approach most easiest way to find out and kill Linux driver bugs. Lets take for example RF tuner bug, which causes notable reduced sensitivity. Took sniffs from the working machine, generate code, copy & paste that to the suitable places of non-working driver. Rapidly that non-working driver starts working and it is time to do manual binary search to find out problematic setting and fix it. Easy? Eventually yes.

This series contain: - new i2c video drivers: ml86v7667 (video decoder), ths8200 (video encoder); - a new video driver for EasyCap cards based on Fushicai USBTV007; - Improved support for OF and embedded systems, with V4L2 async initialization and a better support for clocks; - API cleanups on the ioctls used by the v4l2 debug tool; - Lots of cleanups; - As usual, several driver improvements and new cards additions; - Revert two changesets that change the minimal symbol rate for stv0399, as request by Manu; - Update MAINTAINERS and other files to point to my new e-mail.

Thanks!Mauro

-

The following changes since commit aad760136537fdfa10e5ac76bd3c79bde2100863: